Technology Information Security Officer

**_You are a cybersecurity leader passionate about building security, privacy and resilience in our payments platform _**:

- **_We process every 2 out of 5 payments in Australia and are the largest payments operator in the southern hemisphere _**:

- **_Together we can build tomorrow’s bank today
- **

**See yourself in our team**

Payments Services Utility (PSU) is a division within the technology function which facilitates seamless, safe and secure payments to CommBank customers.

**Do work that matters
As an Executive Manager and Technical Information Security Officer (TISO), you will join Payments Services Utility (PSU) Team to ensure the right controls are natively built into all solutions and that risk controls are assessed on an agile basis across change and operate. You will engage and influence stakeholders across boundaries and connecting the dots between teams and programs of work to ensure faster decision making and a focus on organisational wide outcomes.

This role will report to the General Manager - Payments Technology, and General Manager - Merchant Technology. This role requires a strong engagement with General Manager - PSU Service Manager. The role will directly lead a Senior Manager, TISO.

Specifically you will;
- Be the Cyber and Resilience SME within PSU to help teams understand policy, procedure and control requirements
- Actively engage through the project lifecycle in a continuous integration and delivery lifecycle to ensure technology controls are effectively integrated into the solutions
- Assist service owners to ensure the technology and cyber controls are operating effectively
- The role of TISO is not limited to cybersecurity and will cover all IT general control aspects (non-security, resiliency)
- Proactively lead initiatives and activities which would improve cyber and resilience position of PSU such as failed change reviews and change readiness reviews
- Proactively engage and support tech crews and CCO representatives on resolutions of cyber and resilience risks by including key remediation actions in quarterly crew memos.
- Elevate awareness of cybersecurity, risk and resilience initiatives within the PSU engineering community such as secure coding and vulnerability management
- Champion the activities performed by security by design (SbD) and AppSec Champions
- Support PSU Compliance team with cybersecurity and resilience related requirements for applicable regulatory compliance frameworks (e.g. SWIFT CSP, NPP) are met
- Partner with CCO and risk profile owners to ensure technology delivered and run services are managed within Risk Appetite
- Drive continuous improvements of cybersecurity and resilience within PSU

**What you need to succeed
This is an executive manager level role engaging and influencing across boundaries and connecting the dots between teams and programs of work to ensure faster decision making and a focus on organisational wide outcomes.

You will have a wealth of experience of defining technology control requirements in-line with control objectives and influencing your stakeholders to achieve those control outcomes. You demonstrate equal proficiency in engaging senior executives to update them on risk positions and consulting engineers on technical cybersecurity matters. You will have a track record of designing, building and assessing cybersecurity solutions on scale, both, in on-prem and cloud environments.

You are well versed with key cybersecurity controls such as secure coding, vulnerability and patch management, penetration testing, backup and restoration, and key cybersecurity concepts like OWASP Top 10.

With a strong understanding of the latest resiliency and security technologies, principles, protocols and tools you will ideally hold professional certifications in ITIL, CISSP and / or CCSP.

Your executive level stakeholder management skills will enable the promotion of your team’s ideas, the management of conflicting priorities and the challenging of others where appropriate, facilitating and gaining consensus through those interactions

**What does it mean to be successful:
**A successful TISO will;
- Improve the operational effectiveness of our control environment
- Uplift cyber awareness of our teams measured through different reports
- Provide continuous control assessment capability
- Increase the capacity of service and delivery teams

**What now**:
This is a highly rewarding, career minded opportunity that will lead you on to great things. With a supportive management structure and a fantastic work / life balance which offers flexible, full time, part time and job share work arrangements, the CBA will, in return for your skills and passion, offer you a challenging, varied and enjoyable opportunity and the autonomy to shine.

We are committed to building a respectful and inclusive workplace, appointing the best person for the role, supporting diversity across all areas. All information will be held in the strictest of confid